European Union-United States Privacy Shield: What You Should Know

In today’s globalized business world, corporations need to enforce data protection policies to ensure corporate and employee data is not compromised overseas. Corporate and employee data now resides on corporate or personal mobile devices in the United States or in the European Union. It is therefore imperative for both the United States and the European Union to ensure that corporate data held overseas can be secured and that action can be taken in case of a compromise. The European Union's General Data Protection Regulation (GDPR), which goes into effect in 2018, will further refine policies and protections that were already implemented in the EU-US Privacy Shield program in July of 2016.

If this is the first time you have heard of the EU-US Privacy Shield, here is what you should know and what your corporation can do to be part of this program.

Executive Support – Drives corporate sponsorship of privacy programs by requiring an annual self-assessment of compliance, enforceable under US law

Is this a mandatory program that my company needs to apply for?

Joining the Privacy Shield program is voluntary. However, once a US corporation has joined, its regulations are enforceable under U.S. law by either the U.S. Federal Trade Commission (FTC) or the U.S. Department of Transportation (DOT).

How do I join?

A U.S.-based company must self-certify annually, agreeing to adhere to the Privacy Shield Principles. Detailed information about joining the Privacy Shield is linked here.